moved some stuff out of the now installed util.h header

Signed-off-by: Michael Krelin <hacker@klever.net>

8 files changed, 110 insertions, 82 deletions

diff --git a/include/Makefile.am b/include/Makefile.am
index 9f5982c..f842bb9 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1,32 +1,33 @@
 NODIST_HEADERS_ = \
 	opkele/acconfig.h \
 	opkele/tr1-mem.h
 
 nobase_include_HEADERS = \
 	opkele/opkele-config.h \
 	opkele/types.h \
 	opkele/association.h \
 	opkele/exception.h \
 	opkele/server.h \
 	opkele/consumer.h \
 	opkele/extension.h \
 	opkele/sreg.h \
 	opkele/extension_chain.h \
 	opkele/xconsumer.h \
 	opkele/xserver.h \
 	opkele/uris.h \
 	opkele/tr1-mem.h \
 	opkele/basic_rp.h opkele/prequeue_rp.h \
 	opkele/iterator.h \
 	opkele/basic_op.h opkele/verify_op.h \
+	opkele/util.h \
 	${NODIST_HEADERS_}
 
 noinst_HEADERS = \
 	opkele/data.h \
 	opkele/curl.h opkele/expat.h opkele/tidy.h \
-	opkele/util.h \
+	opkele/util-internal.h \
 	opkele/debug.h \
 	opkele/discovery.h
 
 dist-hook:
 	rm -f $(addprefix ${distdir}/,${NODIST_HEADERS_})
diff --git a/include/opkele/util-internal.h b/include/opkele/util-internal.h
new file mode 100644
index 0000000..ec091ce
--- a/dev/null
+++ b/include/opkele/util-internal.h
@@ -0,0 +1,92 @@
+#ifndef __OPKELE_UTIL_INTERNAL_H
+#define __OPKELE_UTIL_INTERNAL_H
+
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+namespace opkele {
+    namespace util {
+
+	/**
+	 * Convenience class encapsulating SSL BIGNUM object for the purpose of
+	 * automatical freeing.
+	 */
+	class bignum_t {
+	    public:
+		BIGNUM *_bn;
+
+		bignum_t() : _bn(0) { }
+		bignum_t(BIGNUM *bn) : _bn(bn) { }
+		~bignum_t() throw() { if(_bn) BN_free(_bn); }
+		
+		bignum_t& operator=(BIGNUM *bn) { if(_bn) BN_free(_bn); _bn = bn; return *this; }
+
+		operator const BIGNUM*(void) const { return _bn; }
+		operator BIGNUM*(void) { return _bn; }
+	};
+	/**
+	 * Convenience clas encapsulating SSL DH object for the purpose of
+	 * automatic freeing.
+	 */
+	class dh_t {
+	    public:
+		DH *_dh;
+		
+		dh_t() : _dh(0) { }
+		dh_t(DH *dh) : _dh(dh) { }
+		~dh_t() throw() { if(_dh) DH_free(_dh); }
+
+		dh_t& operator=(DH *dh) { if(_dh) DH_free(_dh); _dh = dh; return *this; }
+
+		operator const DH*(void) const { return _dh; }
+		operator DH*(void) { return _dh; }
+
+		DH* operator->() { return _dh; }
+		const DH* operator->() const { return _dh; }
+	};
+
+	/**
+	 * Convert base64-encoded SSL BIGNUM to internal representation.
+	 * @param b64 base64-encoded number
+	 * @return SSL BIGNUM
+	 * @throw failed_conversion in case of error
+	 */
+	BIGNUM *base64_to_bignum(const string& b64);
+	/**
+	 * Convert decimal representation to SSL BIGNUM.
+	 * @param dec decimal representation
+	 * @return resulting BIGNUM
+	 * @throw failed_conversion in case of error
+	 */
+	BIGNUM *dec_to_bignum(const string& dec);
+	/**
+	 * Convert SSL BIGNUM data to base64 encoded string.
+	 * @param bn BIGNUM
+	 * @return base64encoded string
+	 */
+	string bignum_to_base64(const BIGNUM *bn);
+
+	string abi_demangle(const char* mn);
+
+	class change_mode_message_proxy : public basic_openid_message {
+	    public:
+		const basic_openid_message& x;
+		const string& mode;
+
+		change_mode_message_proxy(const basic_openid_message& xx,const string& m) : x(xx), mode(m) { }
+
+		bool has_field(const string& n) const { return x.has_field(n); }
+		const string& get_field(const string& n) const {
+		    return (n=="mode")?mode:x.get_field(n); }
+		bool has_ns(const string& uri) const {return x.has_ns(uri); }
+		string get_ns(const string& uri) const { return x.get_ns(uri); }
+		fields_iterator fields_begin() const {
+		    return x.fields_begin(); }
+		fields_iterator fields_end() const {
+		    return x.fields_end(); }
+	};
+
+    }
+}
+
+#endif /* __OPKELE_UTIL_INTERNAL_H */
diff --git a/include/opkele/util.h b/include/opkele/util.h
index bc1a0ea..60955e1 100644
--- a/include/opkele/util.h
+++ b/include/opkele/util.h
@@ -1,111 +1,50 @@
 #ifndef __OPKELE_UTIL_H
 #define __OPKELE_UTIL_H
 
 #include <time.h>
 #include <string>
 #include <vector>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
 #include <opkele/types.h>
 
 namespace opkele {
     using std::string;
     using std::vector;
 
     /**
      * @brief opkele utils namespace
      */
     namespace util {
 
 	/**
-	 * Convenience class encapsulating SSL BIGNUM object for the purpose of
-	 * automatical freeing.
-	 */
-	class bignum_t {
-	    public:
-		BIGNUM *_bn;
-
-		bignum_t() : _bn(0) { }
-		bignum_t(BIGNUM *bn) : _bn(bn) { }
-		~bignum_t() throw() { if(_bn) BN_free(_bn); }
-		
-		bignum_t& operator=(BIGNUM *bn) { if(_bn) BN_free(_bn); _bn = bn; return *this; }
-
-		operator const BIGNUM*(void) const { return _bn; }
-		operator BIGNUM*(void) { return _bn; }
-	};
-	/**
-	 * Convenience clas encapsulating SSL DH object for the purpose of
-	 * automatic freeing.
-	 */
-	class dh_t {
-	    public:
-		DH *_dh;
-		
-		dh_t() : _dh(0) { }
-		dh_t(DH *dh) : _dh(dh) { }
-		~dh_t() throw() { if(_dh) DH_free(_dh); }
-
-		dh_t& operator=(DH *dh) { if(_dh) DH_free(_dh); _dh = dh; return *this; }
-
-		operator const DH*(void) const { return _dh; }
-		operator DH*(void) { return _dh; }
-
-		DH* operator->() { return _dh; }
-		const DH* operator->() const { return _dh; }
-	};
-
-	/**
-	 * Convert base64-encoded SSL BIGNUM to internal representation.
-	 * @param b64 base64-encoded number
-	 * @return SSL BIGNUM
-	 * @throw failed_conversion in case of error
-	 */
-	BIGNUM *base64_to_bignum(const string& b64);
-	/**
-	 * Convert decimal representation to SSL BIGNUM.
-	 * @param dec decimal representation
-	 * @return resulting BIGNUM
-	 * @throw failed_conversion in case of error
-	 */
-	BIGNUM *dec_to_bignum(const string& dec);
-	/**
-	 * Convert SSL BIGNUM data to base64 encoded string.
-	 * @param bn BIGNUM
-	 * @return base64encoded string
-	 */
-	string bignum_to_base64(const BIGNUM *bn);
-
-	/**
 	 * Convert internal time representation to w3c format
 	 * @param t internal representation
 	 * @return w3c time
 	 * @throw failed_conversion in case of error
 	 */
 	string time_to_w3c(time_t t);
 	/**
 	 * Convert W3C time representation to  internal time_t
 	 * @param w w3c representation
 	 * @return converted time
 	 * @throw failed_conversion in case of error
 	 */
 	time_t w3c_to_time(const string& w);
 
 	/**
 	 * Encode string to the representation suitable for using in URL.
 	 * @param str string to encode
 	 * @return encoded string
 	 * @throw failed_conversion in case of failure
 	 */
 	string url_encode(const string& str);
 
 	/**
 	 * Make string suitable for using as x(ht)ml attribute.
 	 * @param str string to escape
 	 * @return escaped string
 	 */
 	string attr_escape(const string& str);
 
 	/**
 	 * Convert number to string
 	 * @param l number
@@ -124,61 +63,52 @@ namespace opkele {
 	/**
 	 * Encode binary data using base64.
 	 * @param data pointer to binary data
 	 * @param length length of data
 	 * @return encoded data
 	 */
 	string encode_base64(const void *data,size_t length);
 	/**
 	 * Decode binary data from base64 representation.
 	 * @param data base64-encoded data
 	 * @param rv container for decoded binary
 	 */
 	void decode_base64(const string& data,vector<unsigned char>& rv);
 
 	/**
 	 * Normalize http(s) URI according to RFC3986, section 6. URI is
 	 * expected to have scheme: in front of it.
 	 * @param uri URI
 	 * @return normalized URI
 	 * @throw not_implemented in case of non-httpi(s) URI
 	 * @throw bad_input in case of malformed URI
 	 */
 	string rfc_3986_normalize_uri(const string& uri);
 
 	/**
 	 * Match URI against realm
 	 * @param uri URI to match
 	 * @param realm realm to match against
 	 * @return true if URI matches realm
 	 */
 	bool uri_matches_realm(const string& uri,const string& realm);
 
+	/**
+	 * Strip fragment part from URI
+	 * @param uri input/output parameter containing the URI
+	 * @return reference to uri
+	 */
 	string& strip_uri_fragment_part(string& uri);
 
-	string abi_demangle(const char* mn);
-
+	/**
+	 * Calculate signature and encode it using base64
+	 * @param assoc association being used for signing
+	 * @param om openid message
+	 * @return base64 representation of the signature
+	 */
 	string base64_signature(const assoc_t& assoc,const basic_openid_message& om);
 
-	class change_mode_message_proxy : public basic_openid_message {
-	    public:
-		const basic_openid_message& x;
-		const string& mode;
-
-		change_mode_message_proxy(const basic_openid_message& xx,const string& m) : x(xx), mode(m) { }
-
-		bool has_field(const string& n) const { return x.has_field(n); }
-		const string& get_field(const string& n) const {
-		    return (n=="mode")?mode:x.get_field(n); }
-		bool has_ns(const string& uri) const {return x.has_ns(uri); }
-		string get_ns(const string& uri) const { return x.get_ns(uri); }
-		fields_iterator fields_begin() const {
-		    return x.fields_begin(); }
-		fields_iterator fields_end() const {
-		    return x.fields_end(); }
-	};
-
     }
 
 }
 
 #endif /* __OPKELE_UTIL_H */
diff --git a/lib/basic_op.cc b/lib/basic_op.cc
index c247493..fa659ac 100644
--- a/lib/basic_op.cc
+++ b/lib/basic_op.cc
@@ -1,40 +1,41 @@
 #include <time.h>
 #include <cassert>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/data.h>
 #include <opkele/basic_op.h>
 #include <opkele/exception.h>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 #include <opkele/uris.h>
 
 namespace opkele {
 
     void basic_OP::reset_vars() {
 	assoc.reset();
 	return_to.clear(); realm.clear();
 	claimed_id.clear(); identity.clear();
 	invalidate_handle.clear();
     }
 
     bool basic_OP::has_return_to() const {
 	return !return_to.empty();
     }
     const string& basic_OP::get_return_to() const {
 	if(return_to.empty())
 	    throw no_return_to(OPKELE_CP_ "No return_to URL provided with request");
 	return return_to;
     }
 
     const string& basic_OP::get_realm() const {
 	assert(!realm.empty());
 	return realm;
     }
 
     bool basic_OP::has_identity() const {
 	return !identity.empty();
     }
     const string& basic_OP::get_claimed_id() const {
 	if(claimed_id.empty())
 	    throw non_identity(OPKELE_CP_ "attempting to retrieve claimed_id of non-identity related request");
 	assert(!identity.empty());
diff --git a/lib/basic_rp.cc b/lib/basic_rp.cc
index a0ad130..e65d9fb 100644
--- a/lib/basic_rp.cc
+++ b/lib/basic_rp.cc
@@ -1,40 +1,41 @@
 #include <cassert>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/basic_rp.h>
 #include <opkele/exception.h>
 #include <opkele/uris.h>
 #include <opkele/data.h>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 #include <opkele/curl.h>
 
 namespace opkele {
 
     static void dh_get_secret(
 	    secret_t& secret, const basic_openid_message& om,
 	    const char *exp_assoc, const char *exp_sess,
 	    util::dh_t& dh,
 	    size_t d_len, unsigned char *(*d_fun)(const unsigned char*,size_t,unsigned char*),
 	    size_t exp_s_len) try {
 	if(om.get_field("assoc_type")!=exp_assoc || om.get_field("session_type")!=exp_sess)
 	    throw bad_input(OPKELE_CP_ "Unexpected associate response");
 	util::bignum_t s_pub = util::base64_to_bignum(om.get_field("dh_server_public"));
 	vector<unsigned char> ck(DH_size(dh)+1);
 	unsigned char *ckptr = &(ck.front())+1;
 	int cklen = DH_compute_key(ckptr,s_pub,dh);
 	if(cklen<0)
 	    throw exception_openssl(OPKELE_CP_ "failed to DH_compute_key()");
 	if(cklen && (*ckptr)&0x80) {
 	    (*(--ckptr))=0; ++cklen; }
 	assert(d_len<=SHA256_DIGEST_LENGTH);
 	unsigned char key_digest[SHA256_DIGEST_LENGTH];
 	secret.enxor_from_base64((*d_fun)(ckptr,cklen,key_digest),om.get_field("enc_mac_key"));
 	if(secret.size()!=exp_s_len)
 	    throw bad_input(OPKELE_CP_ "Secret length isn't consistent with association type");
     }catch(opkele::failed_lookup& ofl) {
 	throw bad_input(OPKELE_CP_ "Incoherent response from OP");
     } OPKELE_RETHROW
 
     static void direct_request(basic_openid_message& oum,const basic_openid_message& inm,const string& OP) {
 	util::curl_pick_t curl = util::curl_pick_t::easy_init();
 	if(!curl)
diff --git a/lib/consumer.cc b/lib/consumer.cc
index ebda262..801496e 100644
--- a/lib/consumer.cc
+++ b/lib/consumer.cc
@@ -1,36 +1,37 @@
 #include <algorithm>
 #include <cassert>
 #include <cstring>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 #include <opkele/curl.h>
 #include <opkele/exception.h>
 #include <opkele/data.h>
 #include <opkele/consumer.h>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <iostream>
 
 #include "config.h"
 
 #include <pcre.h>
 
 namespace opkele {
     using namespace std;
     using util::curl_t;
     using util::curl_pick_t;
 
     class pcre_matches_t {
 	public:
 	    int *_ov;
 	    int _s;
 
 	    pcre_matches_t() : _ov(0), _s(0) { }
 	    pcre_matches_t(int s) : _ov(0), _s(s) {
 		if(_s&1) ++_s;
 		_s += _s>>1;
 		_ov = new int[_s];
 	    }
 	    ~pcre_matches_t() throw() { if(_ov) delete[] _ov; }
 
 	    int begin(int i) const { return _ov[i<<1]; }
 	    int end(int i) const { return _ov[(i<<1)+1]; }
diff --git a/lib/server.cc b/lib/server.cc
index 776f1ae..0dea1eb 100644
--- a/lib/server.cc
+++ b/lib/server.cc
@@ -1,37 +1,38 @@
 #include <cstring>
 #include <vector>
 #include <openssl/sha.h>
 #include <openssl/hmac.h>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 #include <opkele/exception.h>
 #include <opkele/server.h>
 #include <opkele/data.h>
 
 namespace opkele {
     using namespace std;
 
     void server_t::associate(const params_t& pin,params_t& pout) {
 	util::dh_t dh;
 	util::bignum_t c_pub;
 	unsigned char key_sha1[SHA_DIGEST_LENGTH];
 	enum {
 	    sess_cleartext,
 	    sess_dh_sha1
 	} st = sess_cleartext;
 	if(
 		pin.has_param("openid.session_type")
 		&& pin.get_param("openid.session_type")=="DH-SHA1" ) {
 	    /* TODO: fallback to cleartext in case of exceptions here? */
 	    if(!(dh = DH_new()))
 		throw exception_openssl(OPKELE_CP_ "failed to DH_new()");
 	    c_pub = util::base64_to_bignum(pin.get_param("openid.dh_consumer_public"));
 	    if(pin.has_param("openid.dh_modulus"))
 		dh->p = util::base64_to_bignum(pin.get_param("openid.dh_modulus"));
 	    else
 		dh->p = util::dec_to_bignum(data::_default_p);
 	    if(pin.has_param("openid.dh_gen"))
 		dh->g = util::base64_to_bignum(pin.get_param("openid.dh_gen"));
 	    else
 		dh->g = util::dec_to_bignum(data::_default_g);
 	    if(!DH_generate_key(dh))
 		throw exception_openssl(OPKELE_CP_ "failed to DH_generate_key()");
diff --git a/test/idiscover.cc b/test/idiscover.cc
index 44df9ce..4b1e90c 100644
--- a/test/idiscover.cc
+++ b/test/idiscover.cc
@@ -1,40 +1,41 @@
 #include <iostream>
 #include <stdexcept>
 #include <iterator>
 #include <algorithm>
 using namespace std;
 #include <opkele/exception.h>
 #include <opkele/discovery.h>
 #include <opkele/util.h>
+#include <opkele/util-internal.h>
 
 namespace opkele {
     ostream& operator<<(ostream& o,const opkele::openid_endpoint_t& oep) {
 	o
 	    << " URI:        " << oep.uri << endl
 	    << " Claimed ID: " << oep.claimed_id << endl
 	    << " Local ID:   " << oep.local_id << endl;
 	return o;
     }
 }
 
 int main(int argc,char **argv) {
     try {
 	if(argc<2)
 	    throw opkele::exception(OPKELE_CP_ "Please, give me something to resolve");
 	for(int a=1;a<argc;++a) {
 	    cout << "==============================================================" << endl
 		<< "User-supplied ID: " << argv[a] << endl
 		<< "Endpoints:" << endl
 		<< " --" << endl;
 	    string normalized = opkele::idiscover(
 			ostream_iterator<opkele::openid_endpoint_t>(cout," --\n")
 		     ,argv[a]);
 	    cout << "Normalized ID:   " << normalized << endl;
 	}
     }catch(exception& e) {
 	cerr << "oops, caught " << opkele::util::abi_demangle(typeid(e).name()) << endl
 	    << " .what(): " << e.what() << endl;
 	_exit(1);
     }
     _exit(0);
 }